Add email password reset logic. #2

Merged
muyrety merged 7 commits from :auth/email into main 2025-05-24 12:06:47 +00:00
Contributor

This PR introduces functionality for email-based password resets using Python's built-in libraries working with the SMTP protocol. The implementation sends welcome and password reset emails formatted as shown here:

image

image

The motivation for this feature came from encountering password-related issues on uselis.eu, making this addition beneficial.

To configure email password resets, you need to set the following configuration variables:

  • `EMAIL_USER` (SMTP login username, e.g. `hi@example.com`)
  • `EMAIL_PASSWORD` (the SMTP login password to the corresponding user, e.g. `Hunter2`)
  • `EMAIL_SERVER` (the SMTP server address and port, e.g. `mail.example.com` or `mail.example.com:1234`; **note:** port 587 is implied (i.e. the default for secure email submission with authentication))

Uhh yeah :D

Signed-off-by: Arija A. ari@ari.lt

ari added 1 commit 2025-05-23 22:50:57 +00:00
Signed-off-by: Arija A. <ari@ari.lt>
ari 2025-05-23 22:51:16 +00:00
  • added the enhancement label
  • requested review from muyrety
ari added 1 commit 2025-05-23 23:01:02 +00:00
Signed-off-by: Arija A. <ari@ari.lt>
ari added 1 commit 2025-05-23 23:12:51 +00:00
ari added 1 commit 2025-05-23 23:28:09 +00:00
Signed-off-by: Arija A. <ari@ari.lt>
muyrety requested changes 2025-05-24 11:43:30 +00:00
smarter/auth.py Outdated
@ -89,1 +103,4 @@
- Team Smarter""",
)
except db.IntegrityError:
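Review bot: the call that closes at `)` just above `except db.IntegrityError:` sits inside the `try`, and that handler only covers the database error. If this call is the mail send, a failure raised by it would escape as an unhandled exception; consider moving the send after the `try`/`except`, or catching the mail error separately and logging it.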
Owner

Username _or_ email is taken
ari marked this conversation as resolved
@ -153,0 +222,4 @@
).fetchone()
reset_token = secrets.token_hex(16)
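Review bot: the row returned by `.fetchone()` is followed directly by `reset_token = secrets.token_hex(16)` with no `None` check in between in these lines, so an unknown username reaches token generation. Guard on the row before generating the token, and return the same response in both cases so the form does not confirm which usernames exist.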
Owner

Check if user exists: `if user_data is not None ...:`. Server panics with code 500 if there is no user with that username.
ari marked this conversation as resolved
@ -153,0 +237,4 @@
- Team Smarter""",
)
Owner

Storing the reset token in the session kinda defeats the purpose of email verification. The client _[can see the session contents](https://flask.palletsprojects.com/en/stable/api/#sessions)_. The only solution would be to store the reset token internally, probably in the SQL database.
Author
Contributor

True, but honestly I'll just hash it :) And oops about the session thing, I misremembered that it's encrypted, guess it's just signed.
ari marked this conversation as resolved
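The point made in this thread, as an added example (not code from the PR or the Smarter project): a stdlib-only stand-in for a signed session cookie shows that the client can read a raw reset token out of it, while storing only the token's SHA-256 digest does not reveal the token. `SECRET_KEY`, the cookie layout and all function names are assumptions made for the illustration; Flask's real session serializer uses a different format.

```python
import base64, hashlib, hmac, json, secrets

SECRET_KEY = b"constructed-demo-key"  # assumption: stands in for the app's secret key

def sign_cookie(data: dict) -> str:
    """Signed but readable cookie: base64(JSON) + '.' + HMAC tag."""
    payload = base64.urlsafe_b64encode(json.dumps(data).encode()).decode()
    tag = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"

def load_cookie(cookie: str) -> dict:
    """Server side: verify the tag before trusting the payload."""
    payload, tag = cookie.rsplit(".", 1)
    expected = hmac.new(SECRET_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("bad signature")
    return json.loads(base64.urlsafe_b64decode(payload))

def client_view(cookie: str) -> dict:
    """What anyone holding the cookie can read; no key is needed."""
    payload = cookie.rsplit(".", 1)[0]
    return json.loads(base64.urlsafe_b64decode(payload))

def token_digest(token: str) -> str:
    """SHA-256 of the token; fine for a 128-bit random value, not for passwords."""
    return hashlib.sha256(token.encode()).hexdigest()

def start_reset(store_hashed: bool) -> tuple[str, str]:
    """Return (token mailed to the user, session cookie set on the requester)."""
    token = secrets.token_hex(16)  # same generator as in the PR
    value = token_digest(token) if store_hashed else token
    return token, sign_cookie({"reset_token": value})

def check_reset(cookie: str, submitted: str) -> bool:
    """Hashed variant: compare digests in constant time."""
    stored = load_cookie(cookie)["reset_token"]
    return hmac.compare_digest(stored, token_digest(submitted))

if __name__ == "__main__":
    token, cookie = start_reset(store_hashed=False)
    print("plain cookie leaks token:", client_view(cookie)["reset_token"] == token)
    token, cookie = start_reset(store_hashed=True)
    print("hashed cookie leaks token:", client_view(cookie)["reset_token"] == token)
    print("mailed token accepted:", check_reset(cookie, token))
```

With the hashed variant the reset only completes in the browser session that requested it; the database-backed storage suggested in the review removes that coupling.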
@ -0,0 +41,4 @@
<button type="submit" class="btn btn-outline-primary" id="registerButton">Reset password</button>
</div>
</form>
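Review bot: the submit button on the first line uses `id="registerButton"` while its label is "Reset password", which looks carried over from the registration template. Rename it to match this form (the other reset template uses `id="pwresetButton"`) so scripts or styles keyed on `registerButton` do not bind to the wrong page.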
Owner

Formatting needs to be fixed, same as auth/pwreset.html.
ari marked this conversation as resolved
@ -0,0 +16,4 @@
<button type="submit" class="btn btn-outline-primary" id="pwresetButton">Reset password</button>
</div>
</form>
Owner

Text should be centered, maybe coloring it could also help. Top margin should be added.
ari marked this conversation as resolved
Owner

The related content is below the comment, forgejo only shows code above the comment for some reason.
ari added 1 commit 2025-05-24 11:58:36 +00:00
* Check if a user exists on password reset
* Hash session contents

Signed-off-by: Arija A. <ari@ari.lt>
ari added 1 commit 2025-05-24 12:02:15 +00:00
requested review from muyrety 2025-05-24 12:02:29 +00:00
muyrety merged commit 061c627286 into main 2025-05-24 12:06:47 +00:00
Author
Contributor

hell yeah 🔥🔥🔥
ari deleted branch auth/email 2025-05-25 16:10:35 +00:00